NSA Director Rogers Disclosed FISA Abuse Days After Page Warrant Was Issued

News Analysis

On March 9, 2016, Department of Justice (DOJ) oversight personnel learned that the FBI had been employing outside contractors who had access to raw Section 702 Foreign Intelligence Surveillance Act (FISA) data, and retained that access after their work for the FBI was completed.

This information was disclosed in a 99-page FISA court ruling on April 26, 2017, that was declassified by Director of National Intelligence Dan Coats.

That wasn’t an isolated incident and the improper access granted to outside contractors “seems to have been the result of deliberate decisionmaking” (footnote – page 87).

The FISA court noted the “FBI’s apparent disregard of minimization rules” and questioned “whether the FBI may be engaging in similar disclosures of raw Section 702 information that have not been reported.”

Section 702 permits the government to target foreign persons located outside the United States for surveillance, with the purpose of acquiring foreign intelligence information. Oversight of Section 702 collection is conducted by the FISA court. For more on Title III and Section 702, see here.

On the same day of the discovery of the FBI’s use of private contractors, FBI lawyer Lisa Page sent a text to FBI agent Peter Strzok: “Need to try to fix a HUGE who f-up.” Page quickly corrected her typo by texting “Wfo”—an abbreviation for the FBI’s Washington field office.

Page would later send another text on the same day, noting, “Need to go meet with andy again now.” Andy was then-Deputy FBI Director Andrew McCabe.

Following the discovery that outside contractors for the FBI were accessing raw FISA data, then-National Security Agency (NSA) Director Adm. Mike Rogers directed the NSA’s Office of Compliance to conduct a “fundamental baseline review of compliance associated with 702” at some point in early April 2016 (Senate testimony & page 83-84 of court ruling).

Rogers served concurrently as director of the NSA, commander of the U.S. Cyber Command, and Central Security Service chief from April 2014 to May 2018. Rogers previously was the director for intelligence for both the Joint Chiefs of Staff and U.S. Pacific Command, and as commander of the U.S. Fleet Cyber Command and the U.S. 10th Fleet.

Rogers played a major role in uncovering ongoing FISA abuses, and his efforts are revealed in the April 26, 2017, FISA court ruling. Significant changes to the handling of raw Section 702 FISA data resulted from the FISA court’s findings.

On April 18, 2016, Rogers moved aggressively in response to the disclosures. He abruptly shut down all FBI outside-contractor access. At this point, both the FBI and the DOJ’s National Security Division (NSD) became aware of Rogers’s compliance review. They may have known earlier, but they were certainly aware after outside-contractor access was halted.

Despite a continuous daily stream of messages between Strzok and Page, no texts from the specific day that Rogers halted contractor access to the NSA database have been made public. On the following day, April 19, 2016, Page sent a text that ended with “And still in with andy.” The version available is heavily redacted. Strzok responded, “Hi going to try and catch Bill.” This text refers to Bill Priestap, head of the FBI’s Counterintelligence Division. Later, Page responded again, “Still in with andy.”

The DOJ’s NSD maintains oversight of the intelligence agencies’ use of Section 702 authority. The NSD and the Office of the Director of National Intelligence (ODNI) jointly conduct reviews of the intelligence agencies’ Section 702 activities every 60 days. The NSD—with notice to the ODNI—is required to report any incidents of agency noncompliance or misconduct to the FISA court.

Instead of issuing individual court orders, Section 702 requires the Attorney General and the Director of National Intelligence (DNI) to provide the Foreign Intelligence Surveillance Court (FISC) with annual certifications that specify categories of foreign intelligence information the government is authorized to acquire, pursuant to Section 702.

The Attorney General and the DNI must also certify that Intelligence Community agencies will follow targeting procedures and minimization procedures that are approved by the FISC as part of the certification.

On Sept. 26, 2016, NSD head John Carlin filed the government’s proposed 2016 Section 702 certifications. Carlin knew the general status of Rogers’s compliance review. The NSD was part of the review.

In his filing, Carlin failed to disclose a Jan. 7, 2016, inspector general report that was highly critical of agency controls for monitoring query compliance. Carlin also failed to disclose the FBI’s use of private contractors and Rogers’s ongoing compliance review.

On Sept. 27, 2016, the day after he filed the annual certifications, Carlin announced his resignation, which would become effective on Oct. 15, 2016.

On Oct. 4, 2016, a standard follow-up court hearing was held (Page 19), with Carlin present. Again, he made no disclosure of FISA abuse or other related issues. This lack of disclosure would be noted by the court later in the April 2017 ruling:

“The government’s failure to disclose those IG and OCO reviews at the October 4, 2016 hearing [was ascribed] to an institutional “lack of candor.”

On Oct. 15, 2016, Carlin formally left the NSD.

On Oct. 20, 2016, Rogers was briefed by the NSA compliance officer on findings from the 702 NSA compliance audit. The audit had uncovered a large number of issues, including numerous “about query” violations (Senate testimony).

Rogers shut down all “about query” activity on Oct. 21, 2016. “About queries” are particularly worrisome, since they occur when the target is neither the sender nor the recipient of the collected communication—but the target’s “query,” such as an email address, is being passed between two other communicants.

On the same day, the DOJ and FBI sought and received a Title I FISA warrant on Trump campaign adviser Carter Page. At this point, the FISA court still was unaware of the Section 702 violations.

Sometime between Oct. 21 and Oct. 24, 2016, Rogers reported his findings to the DOJ. From there, he presented his findings to the FISA court (Senate testimony & inferences from court ruling):

Adm. Mike Rogers: I was briefed on something like October the 20th … I then, from memory, went to the Department of Justice and then on to the FISA court at the end of October—I think it was something like the 26th of October—and we informed the court: We have a compliance issue here and we’re concerned that there’s an underlying issue with the technical solution we put in place.

Sen. James Lankford: So you reported initially to the court, this is an issue, or the court initially came to you and said, we have an issue?

Rogers: I went to the court and said, we have an issue.

Rogers’s recollection was correct. On Oct. 24, 2016, Rogers verbally informed the FISA court of his findings (Page 4 of court ruling):

“On October 24, 2016, the government orally apprised the Court of significant non-compliance with the NSA’s minimization procedures involving queries of data acquired under Section 702 using U.S. person identifiers. The full scope of non-compliant querying practices had not been previously disclosed to the Court.”

Rogers appeared formally before the FISA court on Oct. 26, 2016, and presented the written findings of his audit (Page 4, 14 & 19 of Court Ruling & Senate testimony).

“Two days later, on the day the Court otherwise would have had to complete its review of the certifications and procedures, the government made a written submission regarding those compliance problems … and the Court held a hearing to address them.”

“The government reported that the NSA IG and OCO were conducting other reviews covering different time periods, with preliminary results suggesting that the problem was widespread during all periods under review.”

The FISA court was unaware of the FISA “query” violations until they were presented to the court by then-NSA Director Rogers.

The NSD and FBI knew Rogers was conducting his own compliance review. Rogers knew the NSD was finalizing its 2016 certification. The NSD was aware that its 2016 certification lacked material and legally required disclosure.

The NSD carries the “responsibility of overseeing the foreign intelligence, counterintelligence and other national security activities of the United States Intelligence Community.” Duties include “representing the government before the Foreign Intelligence Surveillance Court (FISC).”

Additionally, the Operations Section of the NSD is “responsible for preparing and filing all applications for Court orders pursuant to FISA.” The original Page FISA application, along with the three subsequent renewals, carried a signature page from a DOJ attorney, whose name was redacted, but is almost certainly associated with the NSD.

Carlin had to be aware of the FISA application on Page that was being prepared by the FBI. His lack of disclosure of the FISA abuses in the annual Section 702 Certifications paved the way for the Page application to pass. The FBI and the DOJ’s NSD were literally racing against Rogers’s investigation in order to obtain the FISA warrant on Page.

As all of this was transpiring, then-DNI James Clapper and then-Defense Secretary Ash Carter submitted a recommendation that Rogers be removed from his position as NSA chief. The move to fire Rogers, which failed, originated sometime in mid-to-late October 2016—exactly when Rogers was preparing to present his findings to the FISA court.

Rogers knew the NSD had submitted their annual proposal to the FISA court. Rogers also had to know of preliminary results from his compliance review before the Oct. 20, 2016, formal briefing from his NSA compliance officer.

So why didn’t Rogers provide an earlier, preliminary briefing to the FISA court? To be clear, Rogers wasn’t in any way assisting the FBI in obtaining the Page FISA. The information that Rogers presented to the FISA court was damning. It resulted in a complete overhaul of the FISA process and its underlying systems. The FISA court was particularly critical of the FBI in its ruling.

Rogers presented his findings directly to the FISA court’s presiding judge, Rosemary Collyer. Collyer and Rogers would work together for the next six months, addressing the issues that Rogers had uncovered.

It was Collyer who wrote the April 26, 2017, FISA Court ruling on the entire episode. It also was Collyer who signed the original FISA warrant on Carter Page on Oct. 21, 2016.

Rogers informed Collyer of the ongoing FISA abuses by the FBI and NSD just three days after she personally signed the Page FISA warrant.

To my knowledge, virtually every FBI and NSD official with material involvement in the original Carter Page FISA application would later be removed in one fashion or another. One significant and potentially telling exception is Bill Priestap, who still serves as head of the FBI’s Counterintelligence Division.

Rogers formally retired on May 4, 2018, in a ceremony that paid honor to his service, which is remarkable, given that the Obama administration tried to fire him well over a year earlier.

One other notable event transpired that directly involved Rogers.

On the morning of Nov. 17, 2016, Rogers traveled to meet President-elect Donald Trump and his transition team at Trump Tower, but didn’t inform DNI Clapper about the meeting. That evening, the Trump team announced they were moving all transition activity to Trump National Golf Club in New Jersey.

It makes one wonder what, exactly, Rogers communicated to Trump.

Jeff Carlson is a CFA charterholder. He worked for 20 years as an analyst and portfolio manager in the high-yield bond market. He runs the website TheMarketsWork.com